Australian DDoS attacks last half as long, hit twice as hard as regional average

Australian targets are being hit by shorter, more intense distributed denial of service (DDoS) attacks that are, on average, the largest in the Asia-Pacific region, according to new figures from a global DDoS watchdog.

The average DDoS size in the first quarter of this year was 1.25Gbps, according to figures from Arbor Networks' ATLAS Threat Portal.

ATLAS, which compiles and normalises traffic data from over 330 service providers carrying a cumulative 120Tbps of Internet traffic, traces DDoS attacks from start to finish and measures them by peak and average bandwidth.

Australian DDoS attacks were getting worse on both metrics, with the 1.25Gbps average attack size approximately twice as large as the average attack across the Asia-Pacific region during Q1.

“Australia reflects the global trend,” Arbor Networks Australian country manager Nick Race recently told CSO Australia. “We're not just an island at the bottom of the world; we're affected equally as much as the rest of the world.”

The largest reflection attack observed in Australia used Simple Service Discovery Protocol (SSDP) to generate 26Gbps of DDoS traffic, while Network Time Protocol (NTP) was exploited to generate a reflection attack that surged to 51Gbps peak traffic.

That fell short of the 77Gbps Australian peak and 400Gbps global record observed during 2014, but the growing average size of the incidents confirmed that DDoS attacks are ever more-significant threats to Australian organisations.
Despite their intensity, attacks against Australian targets lasted just 22 minutes, compared with 46 minutes across the region.

Arbor Networks has been watching the steady growth in DDoS attacks for years, with successive reviews of its collective data showing DDoS frequency and intensities continuing to trend upwards at an alarming pace.

DDoS attacks' potential damage to revenues and brand perception was driving customer interest in cloud-based DDoS detection and mitigation services as well as encouraging many to revisit their own on-premises protections.

“The more we go online as an industry, the more that downtime becomes a business cost,” Race said.

“Take your online revenue and divide it by 365, and that's the effective loss you face per day that a DDoS has taken your services down. Then there's the brand damage, and the more intangible costs for businesses because they are offline.”

Race believes a growing trend towards proactive mitigation of DDoS attacks will help Australian companies avoid being completely blindsided by such attacks. Telecommunications carriers, in particular, are moving to bolster their DDoS defences to prevent the attacks from getting anywhere near their customers.

“Telcos and service providers are working together to collaborate in the defence from attacks like these,” Race said. “The most important thing you can do is to get as close as possible to the source of the attack, and stop it as far upstream as possible. We are all just trying to stay one step ahead of the bad guys.”

Copyright 2016 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.